计算机网络安全技术与实施（旧） 思科网络学院CCNA Security资源 CCNA安全第6章实验1_Secure-Layer2_学生实验手册.doc

网络技术专业教学资源库 Page PAGE 2 of NUMPAGES 31 Page PAGE 1 of NUMPAGES 31 国家高等职业教育网络技术专业教学资源库 CCNA安全物理设备实操 学生实验手册 CCNA安全实操实验1 Chapter 6 Lab A: Securing Layer 2 Switches Chapter 6 Lab A: Securing Layer 2 Switches Topology IP Addressing Table Device Interface IP Address Subnet Mask Default Gateway Switch Port R1 Fa0/1 N/A S1 FA0/5 S1 VLAN 1 N/A N/A S2 VLAN 1 N/A N/A PC-A NIC 0 S1 FA0/6 PC-B NIC 1 S2 FA0/18 Objectives Part 1: Configure Basic Switch Settings Build the topology. Configure the host name, IP address, and access passwords. Part 2: Configure SSH Access to the Switches Configure SSH access on the switch. Configure an SSH client to access the switch. Verify the configuration. Part 3: Secure Trunks and Access Ports Configure trunk port mode. Change the native VLAN for trunk ports. Verify trunk configuration. Enable storm control for broadcasts. Configure access ports. Enable PortFast and BPDU guard. Verify BPDU guard. Enable root guard. Configure and verify port security. Disable unused ports. Move ports from default VLAN 1 to alternate VLAN. Configure the PVLAN Edge Feature on a port. Part 4: Configure SPAN and Monitor Traffic Configure Switched Port Analyzer (SPAN). Monitor port activity using Wireshark. Analyze a sourced attack. Background The Layer 2 infrastructure consists mainly of interconnected Ethernet switches. Most end-user devices, such as computers, printers, IP phones and other hosts, connect to the network via Layer 2 access switches. As a result, switches can present a network security risk. Similar to routers, switches are subject to attack from malicious internal users. The switch Cisco IOS software provides many security features that are specific to switch functions and protocols. In this lab, you configure SSH access and Layer 2 security for switches S1 and S2. You also configure various switch protection measures, including access port security, switch storm control, and Spanning Tree Protocol (STP) features such as BPDU guard and root g